CVE-2022-49574

Summary

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix data-races around sysctl_tcp_recovery.

While reading sysctl_tcp_recovery, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < c7a492db1f7c37c758a66915908677bd8bc5d368affected
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < 92c35113c63306091df9211375eebd0abd8c2160affected
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < d8781f7cd04091744f474a2bada74772084b9dc9affected
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < a31e2d0cb5cfa2aae3144cac04f25031d5d20fb4affected
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < 52ee7f5c4811ce6be1becd14d38ba1f8a8a0df81affected
LinuxLinux4f41b1c58a32537542f14c1150099131613a5e8a < e7d2ef837e14a971a05f60ea08c47f3fed1a36e4affected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux4.19.254 <= 4.19.*unaffected
LinuxLinux5.4.208 <= 5.4.*unaffected
LinuxLinux5.10.134 <= 5.10.*unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References